(57) Abstract



A vehicle computer system provides a firewall between an auto PC and its application software and the vehicle bus and vehicle 
components. The firewall prevents unauthorized access by software in the auto PC to the vehicle bus and vehicle components. Preferably, 
the firewall utilizes encryption technology within the handshake between the auto PC software and firewall. 

FIREWALL FOR VEHICLE COMMUNICATION BUS

Background Art 

The present invention relates to computers for automotive vehicles and more 
particularly to a firewall for protecting vehicle functions from unauthorized access. 

It is known to provide a vehicle with a personal computer or "auto PC" which
provides a user interface to vehicle functions, such as climate control, audio system, 
power windows, windshield wipers, etc. In order to provide these features, the auto 
PC must have access to the vehicle bus. Many vehicle components, including the 
engine control module, send and receive information and commands via the vehicle 
bus. Since the auto PC will permit the installation of third party software, unauthorized 
access to the vehicle bus is a concern. Unauthorized access to the vehicle bus could 
cause undesirable control of vehicle components. More importantly, unauthorized 
access to the vehicle bus could impair critical functions of the vehicle, such as the 
engine control system or braking system. 

Disclosure of the Invention 

The present invention provides a system and method for preventing 
unauthorized access by software in the auto PC to the vehicle bus or directly to vehicle 
components. This is accomplished by a firewall between the auto PC software and
vehicle bus. The firewall may be implemented solely in software in the auto PC itself,
or may comprise a separate hardware module. Preferably, the firewall utilizes
encryption handshaking with auto PC software in the firewall.

Brief Description of The Drawings 

The above, as well as other advantages of the present invention, will become 
readily apparent to those skilled in the art from the following detailed description of a 
preferred embodiment when considered in the light of the accompanying drawings in 
which: 

Figure 1 is a schematic of the present invention. 



Best Mode of Carrying out the Invention 

A vehicle computer system 20 is shown schematically in Figure 1 comprising
an auto PC 22, which generally comprises a CPU 23 executing application software
24a-c. Application software 24a-c each comprise code executable by the CPU 23 for
providing any of the functions described herein or any of the functions well known to
those in the art to be provided by the auto PC. It should also be understood that other
software necessary to perform the functions described herein would also be included
and that those reasonably skilled in the art would be able to create such software for
performing these functions. Software 24a-c specifically refers to application software
that would provide access to and control of vehicle components via a graphical user
interface 26. The auto PC 22 may also include a feature board 28. Auto PC 22 may
also receive input from devices 30 and 32.

As is known to those familiar with the auto PC concept, the auto PC 22
provides a graphical user interface 26 for receiving information from and providing 
commands to vehicle components 34, 36, 38 and 40-40n. As is shown in Figure 1, 
vehicle component 38 is specifically a vehicle bus 38 which in turn provides access to 
vehicle components 40-40n. Vehicle components 34 and 36 represent any vehicle 
components which are not accessible via the vehicle bus 38, but are accessed directly 
by the auto PC. 

Generally, vehicle components 34, 36 and 40-40n would include climate control
systems, cellular phone, navigation system, audio system, digital video disc system, 
power windows, windshield wipers, suspension system, engine control system, 
automatic braking system. Other vehicle components to which convenient access could 
be provided via the auto PC 22 could also be included. Preferably most of these 
components 40-40n would be accessible via the vehicle bus 38; however, other vehicle 
components 34, 36 may be accessed directly and not be accessible via the vehicle bus 
38. 

Since one of the features of the auto PC 22 is an open platform, the present 
invention provides a firewall 50 between the application software 24a-c and the vehicle 
components 34, 36, 38 and 40-40n. The firewall 50 ensures that the application
software 24a-c is authorized before permitting the application software 24a-c to send 
commands to any of the vehicle components 34, 36, 38 and 40-40n. The firewall 50 
may comprise a separate chip or separate hardware connected between the auto PC 22 
and the vehicle components 34, 36 and 38. Preferably, however, the firewall 50 is 
implemented in software run by the CPU 23 in the auto PC 22. 



WO 00/09363 PCT/US99/17852

When application software 24 wishes to access one of the vehicle components, 
it first initiates a handshake with the firewall 50. Preferably this handshake is similar to
that used in some remote keyless entry systems. The application software 24 sends a 
code to the firewall 50. The firewall 50 evaluates the code to determine if it is a valid 
code. If so, the firewall 50 relays the command to the appropriate vehicle component. 

Most preferably, the codes from the application software 24 are encrypted 
utilizing random or pseudorandom number generation techniques known in remote 
keyless entry systems. Preferred code encryption techniques are more fully disclosed 
in the following U.S. Patents: 5,619,575 Koopman, Jr. et al., 5,649,014 Koopman, Jr.
et al., 5,696,828 Koopman, Jr., 5,757,923 Koopman, Jr., 5,598,476 Koopman, Jr. et
al., 5,398,284 Finn et al., 5,377,270 Finn et al., and 5,363,448 Finn et al., all of
which are assigned to the assignee of the present invention and which are hereby 
incorporated by reference. 
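
An added example (not from this patent or from the patents it cites) of the code-then-relay handshake described above, using an HMAC-SHA256 rolling code as a stand-in for the cited remote-keyless-entry techniques. The key, application names, command strings and window size are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

WINDOW = 16  # assumed look-ahead window for counters lost in transit


def make_code(key: bytes, counter: int, command: bytes) -> bytes:
    """Application side: counter plus a MAC binding it to this command."""
    ctr = struct.pack(">Q", counter)
    tag = hmac.new(key, ctr + command, hashlib.sha256).digest()[:8]
    return ctr + tag


class Firewall:
    def __init__(self, app_keys):
        self.keys = dict(app_keys)                 # app id -> provisioned secret
        self.last = {app: 0 for app in self.keys}  # highest counter accepted
        self.bus = []                              # stand-in for the vehicle bus

    def submit(self, app_id: str, code: bytes, command: bytes) -> bool:
        key = self.keys.get(app_id)
        if key is None or len(code) != 16:
            return False                           # unknown software or malformed code
        counter = struct.unpack(">Q", code[:8])[0]
        if not self.last[app_id] < counter <= self.last[app_id] + WINDOW:
            return False                           # replayed or out-of-window counter
        if not hmac.compare_digest(code, make_code(key, counter, command)):
            return False                           # wrong key, or code made for another command
        self.last[app_id] = counter                # advance only after a valid code
        self.bus.append(command)                   # relay to the vehicle component
        return True


def demo():
    key = bytes(range(32))                         # constructed sample key
    fw = Firewall({"climate_app": key})
    cmd = b"CLIMATE:SET_TEMP=21"                   # constructed command string
    code = make_code(key, 1, cmd)
    return {
        "valid": fw.submit("climate_app", code, cmd),
        "replay": fw.submit("climate_app", code, cmd),
        "swapped_command": fw.submit("climate_app", make_code(key, 2, cmd), b"WIPER:ON"),
        "unknown_app": fw.submit("game_app", make_code(key, 3, cmd), cmd),
        "relayed": list(fw.bus),
    }
```

The check is only meaningful if the application secret and the firewall's counter state are out of reach of untrusted software on the same CPU, which matters most for the software-only embodiment.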

In accordance with the provisions of the patent statutes and jurisprudence, 
exemplary configurations described above are considered to represent a preferred 
embodiment of the invention. However, it should be noted that the invention can be 
practiced otherwise than as specifically illustrated and described without departing from 
its spirit or scope. 

Claims

1. A vehicle computer system comprising:
a user interface receiving input from a user; 

a CPU receiving said input and generating a command in response to said input; 

and 

a firewall selectively preventing or permitting said command from being 
transmitted to the vehicle. 

2. The vehicle computer system of claim 1 wherein said firewall receives 
a code from said CPU, said firewall selectively preventing or permitting based upon 
said code. 

3. The vehicle computer system of claim 2 wherein said code is encrypted. 

4. The vehicle computer system of claim 3 wherein said firewall restricts 
access to a vehicle bus. 

5. The vehicle computer system of claim 1 wherein said firewall restricts 
access to a vehicle bus. 

6. The vehicle computer system of claim 1 wherein said user interface 
receives user input for controlling a climate control system. 

7. A vehicle computer system comprising:
a user interface receiving input from a user; 

a CPU receiving said input and generating a command and a code in response 
to said input; and 

a firewall receiving and evaluating said code, said firewall sending said 
command to a vehicle bus only if said code is valid. 

8. The vehicle computer system of claim 7 wherein said CPU is installed 
in the vehicle. 

9. The vehicle computer system of claim 8 wherein said code is encrypted. 

10. The vehicle computer system of claim 9 wherein said CPU controls a 
plurality of vehicle systems. 

11. The vehicle computer system of claim 10 wherein said plurality of 
vehicle systems include a climate control system and an audio system. 

12. A method for preventing unauthorized access to vehicle components
including the steps of:

receiving a code and a command;
evaluating the code; and
selectively sending or not sending the command to a vehicle component based
upon said evaluation of said code.

13. The method of claim 12 wherein the vehicle component is a vehicle bus. 

14. The method of claim 13 further including the step of encrypting the code.

15. The method of claim 14 further including the step of receiving the code
and command from an auto PC. 






INTERNATIONAL SEARCH REPORT 



International Application No

PCT/US 99/17852 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 7 B60R16/02 H04L29/06 B60R25/00 



According to International Patent Classification (IPC) or to both national classification and IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (classification system followed by classification symbols) 

IPC 7 B60R H04L 



Documentation searched other than minimum documentation to the extent that such documents are included in the fields searched 



Electronic data base consulted during the international search (name of data base and, where practical, search terms used)



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category: Y
Citation of document, with indication, where appropriate, of the relevant passages:
EP 0 392 411 A (HITACHI LTD)
17 October 1990 (1990-10-17)
column 3, line 4 - line 45
column 7, line 36 - line 46
figures 1,3
Relevant to claim No.: 1-11

Category: Y
Citation of document, with indication, where appropriate, of the relevant passages:
US 5 416 842 A (AZIZ ASHAR)
16 May 1995 (1995-05-16)
abstract
column 4, line 40 - line 64
figures 1,2
Relevant to claim No.: l-n

Category: A
Citation of document, with indication, where appropriate, of the relevant passages:
TED DOTY: "A FIREWALL OVERVIEW"
CONNEXIONS, XX, XX,
vol. 9, no. 7, page 20-23 XP000564023
ISSN: 0894-5926
the whole document
Relevant to claim No.: 1-4



Further documents are listed in the continuation of box C. 



Patent family members are listed in annex. 



* Special categories of cited documents : 

"A" document defining the general state of the art which is not
considered to be of particular relevance 

"E" earlier document but published on or after the international 
filing date 

"L" document which may throw doubts on priority claim(s) or 
which is cited to establish the publication date of another 
citation or other special reason (as specified) 

"O" document referring to an oral disclosure, use, exhibition or
other means 

"P" document published prior to the international filing date but 
later than the priority date claimed 



"T" later document published after the international filing date 
or priority date and not in conflict with the application but 
cited to understand the principle or theory underlying the 
invention 

"X" document of particular relevance: the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document is taken alone 

"Y" document of particular relevance: the claimed invention
cannot be considered to involve an inventive step when the
document is combined with one or more other such documents,
such combination being obvious to a person skilled
in the art.

document member of the same patent family 



Date of the actual completion of the international search 

1 December 1999 


Date of mailing of the international search report 

10/12/1999 


Name and mailing address of the ISA 

European Patent Office, P.B. 5818 Patentlaan 2
NL - 2280 HV Rijswijk
Tel. (+31-70) 340-2040, Tx. 31 651 epo nl,
Fax: (+31-70) 340-3016


Authorized officer 

Billen, K 



Form PCT/ISA/210 (second sheet) (July 1992)






C(Continuation) DOCUMENTS CONSIDERED TO BE RELEVANT 






Citation of document, with indication, where appropriate, of the relevant passages:
US 5 555 502 A (OPEL GEORGE E)
10 September 1996 (1996-09-10)
abstract
figure 3
Relevant to claim No.: 1,6-11



Form PCT/ISA/210 (continuation of second sheet) (July 1992) 



